SUSE-SU-2025:4189-1

The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues

The following security issues were fixed:

• CVE-2021-4460: drm/amdkfd: Fix UBSAN shift-out-of-bounds warning (bsc#1250764).
• CVE-2022-48631: ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1223475).
• CVE-2022-50236: iommu/mediatek: Fix crash on isr after kexec() (bsc#1249702).
• CVE-2022-50249: memory: of: Fix refcount leak bug in of_get_ddr_timings() (bsc#1249747).
• CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806).
• CVE-2022-50293: btrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range (bsc#1249752).
• CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859).
• CVE-2022-50350: scsi: target: iscsi: Fix a race condition between login_work and the login thread (bsc#1250261).
• CVE-2022-50356: net: sched: sfb: fix null pointer access issue when sfb_init() fails (bsc#1250040).
• CVE-2022-50367: fs: fix UAF/GPF bug in nilfs_mdt_destroy (bsc#1250277).
• CVE-2022-50394: i2c: ismt: Fix an out-of-bounds bug in ismt_access() (bsc#1250107).
• CVE-2022-50395: integrity: Fix memory leakage in keyring allocation error path (bsc#1250211).
• CVE-2022-50423: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (bsc#1250784).
• CVE-2022-50443: drm/rockchip: lvds: fix PM usage counter unbalance in poweron (bsc#1250768).
• CVE-2022-50459: scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (bsc#1250850).
• CVE-2022-50481: cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter() (bsc#1251051).
• CVE-2022-50485: ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1251197).
• CVE-2022-50505: iommu/amd: Fix pci device refcount leak in ppr_notifier() (bsc#1251086).
• CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741).
• CVE-2022-50542: media: si470x: Fix use-after-free in si470x_int_in_callback() (bsc#1251330).
• CVE-2022-50571: btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure (bsc#1252487).
• CVE-2023-53183: btrfs: exit gracefully if reloc roots don't match (bsc#1249863).
• CVE-2023-53185: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes (bsc#1249820).
• CVE-2023-53188: net: openvswitch: fix race on port output (bsc#1249854).
• CVE-2023-53191: irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains (bsc#1249721).
• CVE-2023-53204: af_unix: Fix data-races around user->unix_inflight (bsc#1249682).
• CVE-2023-53271: ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() (bsc#1249916).
• CVE-2023-53282: scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1250311).
• CVE-2023-53289: media: bdisp: Add missing check for create_workqueue (bsc#1249941).
• CVE-2023-53292: blk-mq: protect q->elevator by ->sysfs_lock in blk_mq_elv_switch_none (bsc#1250163).
• CVE-2023-53338: lwt: Fix return values of BPF xmit ops (bsc#1250074).
• CVE-2023-53339: btrfs: fix BUG_ON condition in btrfs_cancel_balance (bsc#1250329).
• CVE-2023-53373: crypto: seqiv - Handle EBUSY correctly (bsc#1250137).
• CVE-2023-53433: net: add vlan_get_protocol_and_depth() helper (bsc#1250164).
• CVE-2023-53476: iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (bsc#1250839).
• CVE-2023-53477: ipv6: Add lwtunnel encap size of all siblings in nexthop calculation (bsc#1250840).
• CVE-2023-53484: lib: cpu_rmap: Avoid use after free on rmap->obj array entries (bsc#1250895).
• CVE-2023-53517: tipc: do not update mtu if msg_max is too small in mtu negotiation (bsc#1250919).
• CVE-2023-53519: media: v4l2-mem2mem: add lock to protect parameter num_rdy (bsc#1250964).
• CVE-2023-53540: wifi: cfg80211: reject auth/assoc to AP with our address (bsc#1251053).
• CVE-2023-53548: net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (bsc#1251066).
• CVE-2023-53556: iavf: Fix use-after-free in free_netdev (bsc#1251059).
• CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052).
• CVE-2023-53582: wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (bsc#1251061).
• CVE-2023-53589: wifi: iwlwifi: mvm: don't trust firmware n_channels (bsc#1251129).
• CVE-2023-53593: cifs: Release folio lock on fscache read hit (bsc#1251132).
• CVE-2023-53594: driver core: fix resource leak in device_add() (bsc#1251166).
• CVE-2023-53596: drivers: base: Free devm resources when unregistering a device (bsc#1251161).
• CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743).
• CVE-2023-53620: md: fix soft lockup in status_resync.
• CVE-2023-53624: net/sched: sch_fq: fix integer overflow of 'credit' (bsc#1251333).
• CVE-2023-53635: netfilter: conntrack: fix wrong ct->timeout value (bsc#1251524).
• CVE-2023-53648: ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer (bsc#1251750).
• CVE-2023-53687: tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (bsc#1251772).
• CVE-2023-53695: udf: Detect system inodes linked into directory hierarchy (bsc#1252539).
• CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554).
• CVE-2023-53707: drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (bsc#1252632).
• CVE-2023-53715: wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (bsc#1252545).
• CVE-2023-53717: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (bsc#1252560).
• CVE-2023-53733: net: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode (bsc#1252685).
• CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).
• CVE-2025-38680: media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (bsc#1249203).
• CVE-2025-38691: pNFS: Fix uninited ptr deref in block/scsi layout (bsc#1249215).
• CVE-2025-38695: scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1249285).
• CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).
• CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182).
• CVE-2025-38714: hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (bsc#1249260).
• CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
• CVE-2025-38724: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (bsc#1249169).
• CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
• CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
• CVE-2025-39724: serial: 8250: fix panic due to PSLVERR (bsc#1249265).
• CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
• CVE-2025-39772: drm/hisilicon/hibmc: fix the hibmc loaded failed bug (bsc#1249506).
• CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).
• CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).
• CVE-2025-39841: scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250274).
• CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).
• CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
• CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).
• CVE-2025-39923: dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (bsc#1250741).
• CVE-2025-39929: smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path (bsc#1251036).
• CVE-2025-39931: crypto: af_alg - Set merge to zero early in af_alg_sendmsg (bsc#1251100).
• CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
• CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
• CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804).
• CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
• CVE-2025-39970: i40e: Fix filter input checks to prevent config with invalid values (bsc#1252051).
• CVE-2025-39971: i40e: Add bounds check for ch[] array (bsc#1252052).
• CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).
• CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
• CVE-2025-39997: ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (bsc#1252056).
• CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
• CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785).
• CVE-2025-40049: Squashfs: fix uninit-value in squashfs_get_parent (bsc#1252822).
• CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).
• CVE-2025-40082: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1252775).
• CVE-2025-40088: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (bsc#1252904).

The following non security issues were fixed:

• NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).
• net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265).
• openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1249854)